AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results
LOW EXPLOIT AVAIL

PyTorch NCCL: local DoS in distributed training reduce op

CVE-2025-4287
3.3
EPSS 0.1%
DoS Framework Training Data
3 ATLAS
CRITICAL EXPLOIT AVAIL

browser-use: URL allowlist bypass enables SSRF in agents

CVE-2025-47241
9.3
EPSS 0.2%
Auth Bypass Data Extraction Agent Framework
browser-use Patch: 0.1.45 CWE-647 63 5 ATLAS
HIGH EXPLOIT AVAIL

LLaMA-Factory: RCE via torch.load() unsafe deserialization

CVE-2025-46567
7.8
EPSS 0.2%
Code Execution Supply Chain Framework Training Data
llamafactory Patch: 0.9.3 CWE-502 1 5 ATLAS
HIGH EXPLOIT AVAIL

vLLM: DoS via quadratic multimodal tokenizer input

CVE-2025-46560
7.5
EPSS 0.6%
DoS Inference Framework
vllm CWE-1333 127 3 ATLAS
CRITICAL EXPLOIT AVAIL

vLLM: RCE via pickle deserialization on ZeroMQ

CVE-2025-32444
9.8
EPSS 2.5%
Code Execution Supply Chain Inference Framework
vllm CWE-502 127 5 ATLAS
HIGH EXPLOIT AVAIL

vLLM: ZeroMQ socket exposure enables DoS in multi-node

CVE-2025-30202
7.5
EPSS 0.4%
DoS Data Leakage Inference Framework
vllm CWE-770 127 4 ATLAS
MEDIUM EXPLOIT AVAIL

transformers: ReDoS in GPT-NeoX Japanese tokenizer

CVE-2025-1194
6.5
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.9K 4 ATLAS
MEDIUM

n8n: stored XSS enables account takeover

CVE-2025-46343
5.4
EPSS 0.1%
Auth Bypass Code Execution Agent Framework
n8n 16 5 ATLAS
CRITICAL

vLLM: RCE via malicious model, PyTorch < 2.6 bypass

GHSA-ggpf-24jw-3fcw
9.8
Code Execution Supply Chain Framework Inference Model
vllm Patch: 0.8.0 CWE-1395 127 5 ATLAS
CRITICAL EXPLOIT AVAIL

PyTorch: RCE bypasses weights_only=True safe-load guard

CVE-2025-32434
9.8
EPSS 1.2%
Code Execution Supply Chain Framework Model Inference
pytorch CWE-502 21.9K 6 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: DoS via ctc_loss resource mishandling

CVE-2025-3730
5.5
EPSS 0.1%
DoS Framework
pytorch CWE-404 21.9K 3 ATLAS
MEDIUM

vLLM: DoS via unbounded XGrammar schema cache

GHSA-hf3c-wxg2-49q9
6.5
DoS Supply Chain Inference Framework API
vllm Patch: 0.8.4 CWE-770 127 5 ATLAS
CRITICAL EXPLOIT AVAIL

jupyter-remote-desktop-proxy: VNC network exposure

CVE-2025-32428
--
EPSS 0.2%
Auth Bypass Data Leakage Privacy Violation Framework
jupyter-remote-desktop-proxy Patch: 3.0.1 CWE-668 1.9K 5 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: RCE via insecure deserialization in runner

CVE-2025-32375
9.8
EPSS 67.3%
Code Execution Data Extraction Supply Chain Framework Inference
bentoml CWE-502 23 5 ATLAS
MEDIUM

xgrammar: unbounded grammar cache causes LLM server DoS

CVE-2025-32381
6.5
EPSS 0.3%
DoS Inference Framework
xgrammar Patch: 0.1.18 CWE-770 154 3 ATLAS
MEDIUM

picklescan: bypass allows silent RCE in ML pipelines

GHSA-v7x6-rv5q-mhwc
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.25 CWE-184 3 6 ATLAS
MEDIUM

picklescan: numpy bypass enables RCE in ML model pipelines

GHSA-fj43-3qmq-673f
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.25 CWE-502 3 7 ATLAS
HIGH EXPLOIT AVAIL

picklescan: scanner bypass enables DNS data exfiltration

CVE-2025-46417
--
EPSS 0.2%
Supply Chain Data Extraction Data Leakage Framework Model
picklescan Patch: 0.0.25 CWE-184 3 6 ATLAS
CRITICAL KEV SCANNER

Langflow: Unauth RCE via code injection endpoint

CVE-2025-3248
9.8
EPSS 91.8%
Code Execution Auth Bypass Framework Agent
langflow CWE-94 5 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: unauthenticated RCE via insecure deserialization

CVE-2025-27520
9.8
EPSS 81.0%
Code Execution Supply Chain Framework Inference
bentoml CWE-502 23 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial